package com.geezdata.cps.base.shiro;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.CollectionUtils;

import com.geezdata.cps.base.constant.ShiroConstants;

public class UserRealm extends AuthorizingRealm{
	private static final Logger logger = LoggerFactory.getLogger(UserRealm.class);
	
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    	String userName = (String) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        if(ShiroConstants.USER_SCHEDULE.equals(userName)) {
            authorizationInfo.addRole(ShiroConstants.ROLE_ADMIN);
        }
        
        return authorizationInfo;
    }
    
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken authcToken) throws AuthenticationException {
    	String loginName = (String)authcToken.getPrincipal();
        SimpleAuthenticationInfo authenticationInfo = null;
        if(ShiroConstants.USER_SCHEDULE.equals(loginName)) {
        	authenticationInfo = new SimpleAuthenticationInfo(ShiroConstants.USER_SCHEDULE, ShiroConstants.USER_SCHEDULE, getName());
        }
        
        return authenticationInfo;
    }
    
    
	@Override
	protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info)
			throws AuthenticationException {
		String userName = (String) token.getPrincipal();
		if(!ShiroConstants.USER_SCHEDULE.equals(userName)) {
			super.assertCredentialsMatch(token, info);
		}
	}

	@Override
	protected boolean hasRole(String roleIdentifier, AuthorizationInfo info) {
		if(!CollectionUtils.isEmpty(info.getRoles()) && info.getRoles().contains(ShiroConstants.ROLE_ADMIN)) {
			return true;
		}
		
		boolean result = super.hasRole(roleIdentifier, info);
		if(!result) {
			logger.info("当前账号" + SecurityUtils.getSubject().getPrincipal() + "没有" +roleIdentifier+ "角色.");
		}
		return result;
	}

	@Override
	protected boolean isPermitted(Permission permission, AuthorizationInfo info) {
		if(!CollectionUtils.isEmpty(info.getRoles()) && info.getRoles().contains(ShiroConstants.ROLE_ADMIN)) {
			return true;
		}
		boolean result = super.isPermitted(permission, info);
		if(!result) {
			logger.info("当前账号" + SecurityUtils.getSubject().getPrincipal() + "没有" +permission.toString()+ "权限.");
		}
		return result;
	}
	
	@Override
	protected Object getAuthorizationCacheKey(PrincipalCollection principals) {
		return SecurityUtils.getSubject().getSession().getId();
	}
}